2,880 research outputs found
Centralized prevention of denial of service attacks
The world has come to depend on the Internet at an increasing rate for communication, e-commerce, and many other essential services. As such, the Internet has become an integral part of the workings of society at large. This has lead to an increased vulnerability to remotely controlled disruption of vital commercial and government operations---with obvious implications. This disruption can be caused by an attack on one or more specific networks which will deny service to legitimate users or an attack on the Internet itself by creating large amounts of spurious traffic (which will deny services to many or all networks). Individual organizations can take steps to protect themselves but this does not solve the problem of an Internet wide attack. This thesis focuses on an analysis of the different types of Denial of Service attacks and suggests an approach to prevent both categories by centralized detection and limitation of excessive packet flows
Fingerprinting Internet DNS Amplification DDoS Activities
This work proposes a novel approach to infer and characterize Internet-scale
DNS amplification DDoS attacks by leveraging the darknet space. Complementary
to the pioneer work on inferring Distributed Denial of Service (DDoS)
activities using darknet, this work shows that we can extract DDoS activities
without relying on backscattered analysis. The aim of this work is to extract
cyber security intelligence related to DNS Amplification DDoS activities such
as detection period, attack duration, intensity, packet size, rate and
geo-location in addition to various network-layer and flow-based insights. To
achieve this task, the proposed approach exploits certain DDoS parameters to
detect the attacks. We empirically evaluate the proposed approach using 720 GB
of real darknet data collected from a /13 address space during a recent three
months period. Our analysis reveals that the approach was successful in
inferring significant DNS amplification DDoS activities including the recent
prominent attack that targeted one of the largest anti-spam organizations.
Moreover, the analysis disclosed the mechanism of such DNS amplification DDoS
attacks. Further, the results uncover high-speed and stealthy attempts that
were never previously documented. The case study of the largest DDoS attack in
history lead to a better understanding of the nature and scale of this threat
and can generate inferences that could contribute in detecting, preventing,
assessing, mitigating and even attributing of DNS amplification DDoS
activities.Comment: 5 pages, 2 figure
Distributed reflection denial of service attack: A critical review
As the world becomes increasingly connected and the number of users grows exponentially and “things” go online, the prospect of cyberspace becoming a significant target for cybercriminals is a reality. Any host or device that is exposed on the internet is a prime target for cyberattacks. A denial-of-service (DoS) attack is accountable for the majority of these cyberattacks. Although various solutions have been proposed by researchers to mitigate this issue, cybercriminals always adapt their attack approach to circumvent countermeasures. One of the modified DoS attacks is known as distributed reflection denial-of-service attack (DRDoS). This type of attack is considered to be a more severe variant of the DoS attack and can be conducted in transmission control protocol (TCP) and user datagram protocol (UDP). However, this attack is not effective in the TCP protocol due to the three-way handshake approach that prevents this type of attack from passing through the network layer to the upper layers in the network stack. On the other hand, UDP is a connectionless protocol, so most of these DRDoS attacks pass through UDP. This study aims to examine and identify the differences between TCP-based and UDP-based DRDoS attacks
Tracking Normalized Network Traffic Entropy to Detect DDoS Attacks in P4
Distributed Denial-of-Service (DDoS) attacks represent a persistent threat to
modern telecommunications networks: detecting and counteracting them is still a
crucial unresolved challenge for network operators. DDoS attack detection is
usually carried out in one or more central nodes that collect significant
amounts of monitoring data from networking devices, potentially creating issues
related to network overload or delay in detection. The dawn of programmable
data planes in Software-Defined Networks can help mitigate this issue, opening
the door to the detection of DDoS attacks directly in the data plane of the
switches. However, the most widely-adopted data plane programming language,
namely P4, lacks supporting many arithmetic operations, therefore, some of the
advanced network monitoring functionalities needed for DDoS detection cannot be
straightforwardly implemented in P4. This work overcomes such a limitation and
presents two novel strategies for flow cardinality and for normalized network
traffic entropy estimation that only use P4-supported operations and guarantee
a low relative error. Additionally, based on these contributions, we propose a
DDoS detection strategy relying on variations of the normalized network traffic
entropy. Results show that it has comparable or higher detection accuracy than
state-of-the-art solutions, yet being simpler and entirely executed in the data
plane.Comment: Accepted by TDSC on 24/09/202
Resilience to DDoS attacks
Tese de mestrado, Segurança Informática, 2022, Universidade de Lisboa, Faculdade de CiênciasDistributed Denial-of-Service (DDoS) is one of the most common cyberattack used by malicious
actors. It has been evolving over the years, using more complex techniques to increase its attack power
and surpass the current defense mechanisms.
Due to the existent number of different DDoS attacks and their constant evolution, companies need
to be constantly aware of developments in DDoS solutions
Additionally, the existence of multiple solutions, also makes it hard for companies to decide which
solution best suits the company needs and must be implemented.
In order to help these companies, our work focuses in analyzing the existing DDoS solutions, for
companies to implement solutions that can lead to the prevention, detection, mitigation, and tolerance
of DDoS attacks, with the objective of improving the robustness and resilience of the companies against
DDoS attacks.
In our work, it is presented and described different DDoS solutions, some need to be purchased and
other are open-source or freeware, however these last solutions require more technical expertise by
cybersecurity agents.
To understand how cybersecurity agents protect their companies against DDoS attacks, nowadays, it
was built a questionnaire and sent to multiple cybersecurity agents from different countries and
industries.
As a result of the study performed about the different DDoS solutions and the information gathered
from the questionnaire, it was possible to create a DDoS framework to guide companies in the decisionmaking process of which DDoS solutions best suits their resources and needs, in order to ensure that
companies can develop their robustness and resilience to fight DDoS attacks.
The proposed framework it is divided in three phases, in which the first and second phase is to
understand the company context and the asset that need to be protected. The last phase is where we
choose the DDoS solution based on the information gathered in the previous phases. We analyzed and
presented for each DDoS solutions, which DDoS attack types they can prevent, detect and/or mitigate
Game theoretic modeling of AIMD network equilibrium
This paper deals with modeling of network’s dynamic using game theory approach. The process of interaction among players (network users), trying to maximize their payoffs (e.g. throughput) could be analyzed using game-based concepts (Nash equilibrium, Pareto efficiency, evolution stability etc.). In this work we presented the model of TCP network’s dynamic and proved existence and uniqueness of solution, formulated payoff matrix for a network game and found conditions of equilibrium existence depending of loss sensitivity parameter. We consider influence if denial of service attacks on the equilibrium characteristics and illustrate results by simulations.В данной работе исследуется моделирования динамики сети на основе теоретико-игрового подхода. Процесс взаимодействия между пользоватлями, которые пытаются максимизировать свои выигрыши (например, долю сети) допускает представление в форме игры и применение методов анализа равновесия. В работе предлагается модель TCP сети и доказано существование и единственность точки устойчивого распределения ресурсов, построена матрица сетевой игры и найдены условия существования равновесия в зависимости от чувствительности пользователей к наличию ошибок. Рассмотрены также влияние атак на характеристики равновесия и проведено имитационное моделирование.В даній роботі досліджується моделювання динаміки мережі на основі теоретико-ігрового підходу. Процес взаємодії між користувачами, що намагаються максимізувати свої виграші (наприклад, частку мережі) допускає представлення у формі гри та застосування методів аналізу рівноваги. В роботі пропонується модель TCP мережі та доведено існування і єдність точки стійкого розподілу ресурсів, побудована матриця мережевої гри та знайдені умови існування рівноваги в залежності від чутливості користувачів до наявності помилок. Розглянуто також вплив атак на характеристики рівноваги та проведене імітаційне моделювання
- …